GnuPG News for November and December 2015

Posted December 24th, 2015 by Neal

See us at 32C3

Werner and Neal will each give a talk at 32C3 as part of the FSFE
Assembly. Both talks are on Monday, December 28th. Neal's
presentation is at 16:00 in Hall A.1. He'll present "An Advanced
Introduction to GnuPG." Werner follows immediately at 17:00 with
"GnuPG and its current state of development."

If you want to chat, we (Justus, Kai, Neal & Werner) will be around
during the congress. (Neal will be mostly hanging out at the Kidspace
and thus will probably be the easiest to find.) If you want to
arrange a chat, send us an email. If you see one of us, don't
hesitate to ask for a business card with a list of the keys we use to
sign GnuPG releases!

Press

Development

There have been two new releases of GnuPG: version 2.1.10 and version
1.4.20.

Version 2.1.10 is the first GnuPG version to include support for TOFU.
TOFU stands for trust on first use and should be familiar to anyone
who uses ssh. Basically, TOFU is a mechanism to detect when the
binding between an identity and a key changes. This can prevent or
detect active man-in-the-middle (MitM) attacks and forgeries.
Although this protection is weaker than the Web of Trust's theoretical
guarantees, we have observed that most people don't bother to sign
keys or set owner trust. The practical result is that most users
don't make use of the web of trust and, as such, GnuPG only protects
them from passive MitM attacks. TOFU provides protection against
active MitM as long as they are not sustained while not requiring any
user support. Happily, the web of trust and TOFU can be combined. To
read more about how to use TOFU, see this email. A more theoretical
handling of how TOFU works is described in our forthcoming paper.
(Feedback is welcome.)

Another noteworthy addition to 2.1.10 is Tor support. To enable this,
simple add the following to your dirmngr.conf file:

use-tor
keyserver hkp://jirk5u4osbsr34t5.onion

(hkp://jirk5u4osbsr34t5.onion is the .onion address for SKS
Keyserver Pool.) Note: for this to work, you'll need to be running
Tor. On Debian, you just need to install the Tor package; there is
nothing more to configure.

2.1.10 also includes a number of small additions. It is now possible
to use --default-key multiple times and GnuPG will use the last key
that is available for signing (this is good when using a configuration
file shared among multiple hosts). --encrypt-to-default-key will
causes all messages to also be encrypted to the key specified in
--default-key. --unwrap will strip an OpenPGP message of its
encryption layer (and everyone thing outside of it). Since most
messages are signed and then encrypted, this preserves the signature
(unlike --decrypt). --only-sign-text-ids causes --sign to not
sign photo IDs.

In 2.1.10, Neal added code to detect ambiguous key specifications.
This code proved to be incomplete and has since been removed from git.
Given that it will take some time to ensure that the code is stable,
this feature will return in 2.3.x. (2.2 is planned for the beginning
of 2016.)

2.1.10 also includes a number of bug fixes for dirmngr. In
particular, there was a bug that prevented fetching a large number of
keys over TLS streams.

Both 2.1.10 and 1.4.20 include support for the new --weak-digest
option, which can be used to explicitly mark a digest as deprecated.
(You should consider doing this for SHA-1, which is no longer
considered safe.)

Andre published version 2.3.0 of gpg2win. He's also been working on
GpgOL (a GnuPG plug-in for Outlook). The latest test version includes
support for sending PGP/MIME mails. If you are interested in helping
to test it, read the wiki and follow the gpg4win-devel mailing list
for details.

Jussi has continued his work on libgcrypt. He recently added a
variable length output interface for the digest API, which was needed
for new SHAKE algorithms. He has also worked on some new
optimizations for the hash-algorithms; fine-tuned existing SHA-3/SHAKE
and Tiger implementations and added an ARMv7/NEON implementation of
SHA-3/SHAKE.

Niibe fixed an important long standing bug in scdaemon whereby users
cannot access their smartcard after reinsertion. Another minor bug
that he fixed is that the removal of smartcards was not always
correctly detected. These bugs are fixed in 2.1.10 and will be
backported to 2.0.x.

Niibe also did a major change in libgcrypt for Curve25519, which
changes the point format of the curve by adding the 0x40 prefix (this
is the same as Ed25519). New private keys and encrypted messages
created with the new libgcrypt will always have the prefix 0x40. Any
users of Curve25519 encryption should update their libgcrypt.
Existing keys should continue to be handled correctly.

For those interested in Werner's work on g13 (a LUKS replacement,
which allows using a smartcard to decrypt the master key), he has
pushed his current work to the wk/g13work branch.

Contact

Werner announced the official chat room for developers. Note: for
general questions, #gnupg on freenode remains the better real-time
chat forum.

Donations

At the beginning of 2015, the Linux Foundation, as part of their core
infrastructure initiative, made a one-time USD60,000 donation. We are
pleased to report that the Linux Foundation has decided to renew their
support for 2016 and have donated another USD60,000. Thanks!

Update 2016-01-01

We have meanwhile received unofficial information that Facebook did
not rescinded their support pledge. We are waiting for an official
comment and will report on that then.

Update 2016-04-27

With the help of the friendly Facebook folks we were meanwhile able to
clarify our perceived problem with their donation promise. It was all
due to an unfortunate misunderstanding between us. Facebook will
keep on supporting GnuPG in 2016 with a donation of 50000 USD.

This support greatly helps us to pay our developers who are busy
working on improving GnuPG and the global encryption infrastructure.

About this news posting

We try to write a news posting each month. However, other work may
have a higher priority (e.g. security fixes) and thus there is no
promise for a fixed publication date. If you have an interesting
topic for a news posting, please send it to us. A regular summary of
the mailing list discussions would make a nice column on this news.